Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.

Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

Abstract: : People responsible for computer security incident response and digital forensic examination need to continually update their skills, tools, and knowledge to keep pace with changing technology. No longer able to simply unplug a computer and evaluate it later, examiners must know how to capture an image of the running memory and perform volatile memory analysis using various tools, such as PsList, ListDLLs, Handle, Netstat, FPort, Userdump, Strings, and PSLoggedOn. This paper presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.

DistLog: A distributed logging scheme for IoT forensics

Abstract: Digital forensics are vital in the Internet of Things (IoT) domain. This is due to the enormous growth of cyber attacks and their widespread use against IoT devices. While IoT forensics do not prevent IoT attacks, they help in reducing their occurrence by tracing their source, tracking their root causes and designing the corresponding countermeasures. However, modern IoT attacks use anti-forensics techniques to destroy or modify any important digital evidence including log files. Anti-forensics techniques complicate the task for forensic investigators in tracking the attack source. Thus, countermeasures are required to defend against anti-forensics techniques. In this paper, we aim at securing the IoT log files to prevent anti-forensics techniques that target the logs’ availability and integrity such as wiping and injecting attacks. In the proposed solution, and at regular intervals of time, the logs generated by IoT devices are aggregated, compressed and encrypted. Afterwards, the encrypted logs are fragmented, authenticated and distributed over n storage nodes, based on the proposed Modified Information Dispersal Algorithm (MIDA) that can ensure log files availability with a degree of ( n − t ). For data dispersal, two cases are considered: the case where the fog nodes are interconnected and the case where they are not. For the former case, the n obtained fragments are transmitted to n neighboring IoT devices (aggregation nodes). However, for the latter one, the output is transmitted to the corresponding fog and then, dispersed over the n neighboring fog nodes. A set of security and performance tests were performed showing the effectiveness and robustness of the proposed solution in thwarting well-known security attacks.

An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data

Abstract: The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous big data. The framework mainly focuses upon the investigations of three core issues: data volume, heterogeneous data and the investigators cognitive load in understanding the relationships between artefacts. The proposed approach focuses upon the use of metadata to solve the data volume problem, semantic web ontologies to solve the heterogeneous data sources and artificial intelligence models to support the automated identification and correlation of artefacts to reduce the burden placed upon the investigator to understand the nature and relationship of the artefacts.